SSL is not a SHEET. You get an SSL certificate which is just a seal to show that you have SSL enabled on your website.
SSL (secure socket layer) is essentially an encrypted tunnel that you pass all infomation that goes from your customer to your database through. SSL IS NESSECARY TO HAVE A SUCCESSFUL STORE. just check out any e-commerce store, when you go there you will see that they have SSL.
You know a website has SSL when you go to any page that collects personal data (including email, passwords, shipping, and payment info) and the url changes from
http://website.com to
https://website.com You also see a little padlock in the browser and some even change color on secure pages.
SSLs are not expensive, and you can get a FREE shared SSL from most hosts. A shared SSL is an OK solution. Basically, when your SSL is shared, ALL of the pages on your site that should be secure (login, create account, shipping, payment, etc) will change from
http://yourdomain.com
to
https://server123.hostname.com/~yourdomain
this is not ideal because it can freak out customers you obsesivly check the URL to make sure they are not getting scammed. When the .com name changes, even though your name is in that url at the end, they might not trust it because people dont know too much about how this stuff works.
With a dedicated SSL (which costs about $70 a month with a dedicated IP address)your url changes just from
http://yourdomain.com
to
https://yourdomain.com
BUT, this has nothing to do with credit card information. BY LAW YOU ARE NOT ALLOWED TO STORE CREDIT CARD DATA UNLESS YOU MEET CERTAIN STANDARDS OR REQUIREMENTS. You need to be
PCI COMPLIANT
You really SHOULD try to become PCI compliant even if you dont store credit cards.
BUT, if you have a merchant account (either from a bank, card processing company or something like paypal) chances are they will do all of that for you since they are the only ones that really need to SEE the customer's credit card number.
With a merchant account, you need a SECURE GATEWAY. These sometimes come with a merchant account, and sometimes you have to pay for them. Depends on the company. Paypal let you use theirs.
The secure gateway is similar to the SSL where they customer inputs their data and that data is transmitted through encryption. But instead of sending the data to you, that part of the data (cc info) goes to the company that is processing the credit card. There also is not change in url or webpages. This is done behind the scenes.
So basically, thats it.. Thats what you need to be secure.. its kinda nnice to have someone ask that, because MOST people dont care.. they think they will not be vistims to hackers.. but guess what, if a customer gets their info stolen from your site and you did not take the proper precautions, its YOU that will pay, because 9 times out of 10, the person who did the stealing of the info is untraceable and from another country.
SSL sheet? Shopping cart? 
